Category: Equifax hack

Today was supposed to be the deadline for Equifax’s free credit freeze offering, but the company has decided to extend the service to consumers for another five months. Now, Equifax customers can request a credit freeze through June 30.

Still, January 31 is the last day to cash in on free credit monitoring through Equifax’s TrustedID Premier program, assuming you still trust the company that failed to protect the personal data of 143 million users enough to rely on it.

Users who freeze their credit report through Equifax should also look into doing so at Experian and TransUnion, the other two major credit bureaus. Freezing your credit reports is a useful if imperfect tool for anyone concerned that their accounts or identifying information (Social Security numbers, birth dates, etc.) might be compromised: it can prevent would-be identity thieves from opening a line of credit or a loan in your name.

Equifax is also introducing a new credit locking service called Lock & Alert, made available today (and free for life) in app form. It may sound redundant, but a lock and a freeze are two different services. As the company explained to CNN Money, a credit freeze can only be lifted with a PIN, while a credit lock uses “modern authentication techniques, such as username and passwords and one time passcodes for better user experience.” The Lock & Alert app is available now through the App Store and through Google Play.

Eyeing more secure alternatives to social security numbers, lawmakers in the U.S. are looking abroad. Today, the Senate Commerce Committee questioned former Yahoo CEO Marissa Mayer, Verizon Chief Privacy Officer Karen Zacharia, and both the current and former CEOs of Equifax on how to protect consumers against major data breaches. The consensus was that social security numbers have got to go.

Rounding out the panel, Entrust Datacard President and CEO Todd Wilkinson offered some context and insight about why the U.S. should indeed move away from social security numbers — a step that the witnesses unanimously agreed was necessary if not wholly sufficient to protect consumers moving forward, in light of the Equifax hack.

“Over 145 million Americans’ insecure identities are now forever at risk, and they have limited ability to protect themselves,” Wilkinson said. “A key question for this committee to consider is: What do we do now given these identities are forever compromised?”

Social security numbers are a privacy nightmare. While a consumer who gets hacked can replace credit card numbers and other account details, a social security number is permanent, linked inexorably to a real identity throughout a person’s lifespan. In the hearing, Wilkinson and many of the Senators present argued that the U.S. needs to move to a dynamic system of personal identity, one designed with digital security in mind — a stark contrast with an inflexible legacy system that dates back to the 1930s.

“Some combination of digital multi-factor authentication… is the right path,” former Equifax CEO Richard Smith said when asked about such a program.

Multiple times throughout the hearing, Brazil’s Infraestrutura de Chaves Públicas system of citizen IDs through digital certificates came up as a potential model for the U.S. as it moves forward. In this model, a certificate lasts for three years at maximum and can be used to issue a digital signature much like written signatures are used now. Unlike their counterpart in the U.S., these identity accounts can be revoked and reissued easily through an established national protocol.

Members of the Senate committee also advocated for “rigorous” data security rules, expanding FTC authority to enforce them and stiffer penalties to motivate companies to protect consumers proactively.

“The parade of high profile data breaches seems to have no end,” said ranking committee member Bill Nelson. “We can either take action with common sense rules or we can start planning for our next hearing on the issue.”

Last month, White House Cybersecurity Coordinator Rob Joyce made it clear that the Trump administration is also interested in abandoning social security numbers in favor of a more secure, more digital form of identification, stating that the form of ID has “outlived its usefulness.”